package com.wu.webstep4.config;


import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

import com.wu.webstep4.customUrl.MyAccessDecisionManager;
import com.wu.webstep4.customUrl.MyFilterInvocationSecurityMetadataSource;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		// 基于内存来存储用户信息
		auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).withUser("user")
				.password(new BCryptPasswordEncoder().encode("123")).roles("USER").and().withUser("wu")
				.password(new BCryptPasswordEncoder().encode("123")).roles("USER", "ADMIN");
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.formLogin()
		.loginPage("/index").loginProcessingUrl("/account/login").successForwardUrl("/hello").defaultSuccessUrl("/hello")
		.and().logout().and().csrf().disable()
		.authorizeRequests()
		.anyRequest()
		.authenticated()
		.withObjectPostProcessor(
				new ObjectPostProcessor<FilterSecurityInterceptor>() {
					public <O extends FilterSecurityInterceptor> O postProcess(
							O fsi) {
						fsi.setSecurityMetadataSource(mySecurityMetadataSource());
						fsi.setAccessDecisionManager(myAccessDecisionManager());
						return fsi;
					}
				});
		
	}
	
	@Bean("FilterInvocationSecurityMetadataSource")
	public FilterInvocationSecurityMetadataSource mySecurityMetadataSource() {
		MyFilterInvocationSecurityMetadataSource securityMetadataSource = new MyFilterInvocationSecurityMetadataSource();
		return securityMetadataSource;
	}

	@Bean("AccessDecisionManager")
	public AccessDecisionManager myAccessDecisionManager() {
		return new MyAccessDecisionManager();
	}


	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}
}